Not a SOC FAQ! This is SOC FMD!

Somebody asked me this profound question that (a) I feel needs an answer and that (b) I’ve never answered in the past: If you run a SOC (or an equivalent D&R team), what things should you require (demand, request, ask, beg … depending on the balance of corporate power) of other teams?
The Great Cloud Security Debate: CSP vs. Third-Party Security Tools

Do I go to my Cloud Service Provider (CSP) for cloud security tooling or to a third party vendor? Who will secure my cloud use, a CSP or a focused specialty vendor? Who is my primary cloud security tools provider? This question asked in many ways has haunted me since my analyst days, and …
SOC Meets Cloud: What Breaks, What Changes, What to Do?

Guide your SOC Leaders to More Engineering Wisdom for Detection(Part 9)

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#9 in the series), we will cover a few higher level elements for moving to detection engineering approaches: Detection Engineering is Painful — and It Shouldn’t Be (Part 1), Detection Engineering and SOC …
Learn Modern SOC and D&R Practices Using Autonomic Security Operations (ASO) Principles

Learn Modern SOC and D&R practices for free from Google! Yes, really! That’s the message. Join *hundreds* of others who already signed up! Now, with full details…. After some ungodly amount of work, the original ASO crew (but really Iman!) put together an epic Modern Security Operations training, now launched at Coursera at …
Google Cloud Security Threat Horizons Report #10 Is Out!

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our next Threat Horizons Report (full version) that we just released (the official blog for #1 report, my unofficial blogs for #2, #3, #4, #5, #6, #7, #8 and #9). My favorite quotes from the …
Smooth SIEM Surgery: Practical Tips for SIEM Migration Success in 2024

Anton’s Security Blog Quarterly Q2 2024

Amazingly, Medium has fixed their stats (so not all is lost) so my blog quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 7 posts with the most lifetime views (excluding paper announcement …
We Love What’s Broken … Yes, This Of Course Means SIEM!

SIEM challenges never stopped me from loving this technology, but I am very cognizant of YMMV. Anyhow, CardinalOps released their annual “state of SIEM” report, and here are some fun highlights. CardinalOps State of SIEM 2024 Report: “Can potentially cover 87% of ATT&CK with existing …
No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again!

Disclaimer: this blog is very obviously inspired by current events, but it is absolutely not about those events. Meoooow! Lawyercats, stay away! No mice here. So, I hear there was some kinda incident and so Mandiant is investigating, as they tend to do. Mandiant blog has …
Cloud Security Podcast on the Day of 3 SIEM Transition

Back to Cooking: Detection Engineer vs Detection Consumer, Again?

This is not a blog about the recent upheaval in the magical realm of SIEM. We have a perfectly good podcast / video about it (complete with hi-la-ri-ous XDR jokes, both human and AI created). This is about something that bothered me for a long time (since my Gartner days) and …
The State of Cybersecurity – Year in Review

RSA (“RSAI”) Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?)

Where do we have “41,000 attendees, 650 speakers, 600 exhibitors and 400 members of the media” who all care about cyber security? Ha, an easy question: RSA Conference 2024, of course! I started my post-RSA blog …